http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6874
--- Comment #10 from Robin Sheat <[email protected]> 2011-10-13 22:06:06 UTC ---

* I don't think expecting people to configure Apache to do that is reasonable; many of them have enough trouble with the basic stuff.

* Yeah, I saw how the other plugins worked after I wrote that, so I think that's OK (but should probably be fixed in the longer term.)

* Having a pass-through script is ideal. I'd be inclined to have it be like:

  opac-retrieve.pl?id=abc123

  where abc123 is a random string, or perhaps a hash of the file. This will prevent people enumerating ID numbers, and can reduce the chance of collisions compared to using a filename (also, if you use a hash, then uploading the same file multiple times will mean that only one version needs to be stored.) In the longer term, it also allows it to have fancier permissions or whatnot. And, it would remove the risk of executable files being uploaded. I think it would also allow multiple Koha instances to share one file store, if it used hashes, as they wouldn't be guessable.
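
A minimal sketch of the hash-addressed pass-through retrieval described in the comment above, added as an illustration; it is not part of the original message and not Koha's code. It is written in Python rather than Koha's Perl, and `FileStore`, `put`, `retrieve`, the choice of SHA-256 and the response headers are all assumptions.

```python
import hashlib
import re
from pathlib import Path

# Only a full lowercase SHA-256 hex digest is accepted as an id (assumed format).
ID_RE = re.compile(r"[0-9a-f]{64}")


class FileStore:
    """Content-addressed upload store, kept outside the web root (hypothetical)."""

    def __init__(self, root):
        self.root = Path(root)
        self.root.mkdir(parents=True, exist_ok=True)

    def put(self, data: bytes) -> str:
        """Store bytes under their SHA-256; identical uploads share one file."""
        # Anyone who already holds the same bytes can compute the same id.
        file_id = hashlib.sha256(data).hexdigest()
        path = self.root / file_id
        if not path.exists():
            tmp = path.with_suffix(".tmp")
            tmp.write_bytes(data)
            tmp.chmod(0o600)   # stored without any execute bit
            tmp.replace(path)  # atomic rename into place
        return file_id

    def retrieve(self, file_id: str):
        """What a pass-through script would do: return (status, headers, body)."""
        # fullmatch rejects sequential numbers, file names and path traversal,
        # so the client-supplied id can never name anything but a stored digest.
        if not isinstance(file_id, str) or not ID_RE.fullmatch(file_id):
            return 400, {}, b""
        path = self.root / file_id
        if not path.is_file():
            return 404, {}, b""
        headers = {
            # The upload is only ever sent back as an opaque download.
            "Content-Type": "application/octet-stream",
            "Content-Disposition": "attachment",
            "X-Content-Type-Options": "nosniff",
        }
        return 200, headers, path.read_bytes()
```

Because the script reads the file and writes the bytes itself, the web server never maps a request to the stored path, which is what keeps an uploaded script from being run.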
